CryptoLocker Ransomware Spreading

Just last month, antivirus companies discovered a new ransomware known as CryptoLocker. This ransomware is particularly nasty because infected users are in danger of losing their personal files forever. Spread through email attachments, it has been seen targeting companies through phishing attacks. CryptoLocker encrypts users’ files using asymmetric encryption, which requires both a public and a private key. The public key is used to encrypt and verify data, while the private key is used for decryption, each the inverse of the other.

Below is an image from Microsoft depicting the process of asymmetric encryption.

[Image: the asymmetric encryption process, from Microsoft]

CryptoLocker is infecting more than 10,000 victims on a weekly basis. This was the conclusion of security vendor Bitdefender, which conducted research on CryptoLocker between October 27 and November 1.

The bad news is that decryption is impossible without the private key, which is stored on the cybercriminals’ server. Currently, infected users are instructed to pay $300 USD to receive this private key. Infected users also have a time limit to send the payment. If this time elapses, the private key is destroyed, and their files may be lost forever.

The files targeted are those commonly found on most PCs today. The targeted file extensions include:
3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

A few things you can do to prevent your PC from getting infected with the CryptoLocker virus:

  • Most viruses are introduced by opening infected attachments or clicking on links to malware usually contained in spam emails. Avoid opening emails and attachments from unknown sources, especially zip or rar archive files.
  • Using antivirus software is strongly recommended. Ensure that the antivirus real-time protection is active and the virus database is up to date. Also keep your operating system and software up to date.
  • Keep a backup. If you have real-time backup software, make sure that you first clean the computer and then restore the unencrypted version of the files.
  • Create files in the Cloud and upload photos to online accounts like Flickr or Picasa.
  • Windows 7 users should set up System Restore points; if you are using Windows 8, configure it to keep the file history.
  • If CryptoLocker has already infected your machine, make sure you reformat your hard drive to completely remove the CryptoLocker trojan before you attempt to re-install Windows and/or restore your files from a backup.

It’s all well and good to prepare, but what if you are already infected? Despite the virus’s warning not to “disconnect from the Internet or turn off the computer,” doing exactly that is the first order of damage control.

You’ve got to realize these guys are criminals and they lie. The only thing turning off your computer does is keep the virus from continuing to infect.

In fact, unplugging your computer may save some of your files, if the virus is still in the process of infecting them.

Next, you need to figure out what damage has been done. Which files have you lost? Do you have backups of these files? If you don’t have backups, have you checked Windows’ System Restore files, which sometimes automatically back up the computer for you?
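One way to answer "which files have you lost?", as an added example that is not part of the original article: the script below walks a folder and, for files whose extension appears on the targeted list above, checks whether the first bytes still match the format's usual signature. It assumes affected files keep their original names and extensions; the signature table covers only some of the listed formats, and the function names are hypothetical.

```python
import tempfile
from pathlib import Path

# Usual first bytes for some extensions on the article's list (this example's choice).
ZIP, OLE, JPEG = b"PK\x03\x04", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", b"\xff\xd8\xff"
SIGNATURES = {
    "jpg": JPEG, "jpe": JPEG, "psd": b"8BPS", "rtf": b"{\\rtf",
    "doc": OLE, "xls": OLE, "ppt": OLE,
    "docx": ZIP, "docm": ZIP, "xlsx": ZIP, "xlsm": ZIP, "pptx": ZIP, "pptm": ZIP,
}

def classify(path):
    """Return 'intact', 'suspect', 'empty' or 'unchecked' for one file."""
    magic = SIGNATURES.get(path.suffix.lstrip(".").lower())
    if magic is None:
        return "unchecked"            # extension not in the signature table
    with open(path, "rb") as fh:
        head = fh.read(len(magic))
    if not head:
        return "empty"                # zero-byte file: nothing to compare
    return "intact" if head == magic else "suspect"

def assess(root):
    """Walk root and group files with a known signature by status."""
    report = {"intact": [], "suspect": [], "empty": [], "unreadable": []}
    for path in Path(root).rglob("*"):
        try:
            status = classify(path) if path.is_file() else "unchecked"
        except OSError:               # locked or permission-denied file
            status = "unreadable"
        if status != "unchecked":
            report[status].append(str(path.relative_to(root)))
    return report

def demo():
    samples = {  # constructed sample files, not real data
        "photo.jpg": JPEG + b"\xe0" + b"\x00" * 16,   # normal JPEG start
        "report.docx": b"\x8f\x13\xa7\x5c" * 16,      # header overwritten
        "notes.rtf": b"{\\rtf1\\ansi hello}",
        "empty.xls": b"",
        "readme.txt": b"extension not on the targeted list",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return {k: sorted(v) for k, v in assess(root).items()}

if __name__ == "__main__":
    print(demo())
```

A "suspect" result means the header no longer matches the format, so the file should be compared with its backup copy; it is not proof of encryption on its own.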

You should not pay these guys ransom. It’s just going to encourage malware authors to create similar viruses. However, paying the ransom reportedly works, so as a last resort it may help you out.